Anil K. Jain

With

Adapting Biometric Representations for Cryptosystems

Adapting Biometric Representations for Cryptosystems

With

Abhishek Nagar & Karthik Nandakumar

Department of Computer Science and Engineering

Michigan State University

http://biometrics.cse.msu.edu

OutlineOutline

• Biometric systems

• Security of biometric systems

• Biometric cryptosystems

– Fuzzy commitment & fuzzy vault

– Alignment

– Adapting representations

– Hybrid cryptosystems

• Challenges

User AuthenticationUser Authentication

• Users can no longer be trusted based on credentials

• Most popular password is “123456”

• Skimming, phishing

• “For terrorists, travel documents are as important

as weapons”1as weapons”1

• Spanish police arrested 7 men, connected to al-

Qaeda, tasked with stealing 40 passports/month2

• But, credentials can be revoked and reissued

[1] http://www.9-11commission.gov/report/911Report.pdf (pg. 384, 2nd paragraph)

[2] http://homelandsecuritynewswire.com/spain-busts-terrorist-passport-stealing-ring

Automatic method for person recognition based on

one or more intrinsic physical or behavioral traits

Biometric RecognitionBiometric Recognition

• Biometric traits are unique & permanent!

• Intra-class variability is extremely small

• Inter-class variability is extremely large

• In practice, systems have non-zero FAR & FRR

Fundamental PremiseFundamental Premise

System VulnerabilitiesSystem Vulnerabilities

Template security is one of the most critical issues

Template SecurityTemplate Security

• Consequences of stolen templates

– Intrusion: create physical spoof (security vulnerability)

– Function creep: cross-matching (loss of privacy)

Secure Template: RequirementsSecure Template: Requirements

• Diversity: Secure template must not allow cross-matching, ensuring user’s privacy

• Revocability: Revoke a compromised template and reissue a new one using the same biometric

• Security: Difficult to obtain the original

Challenge: How to satisfy all these requirements at the same time in the presence of intra-user variations?

• Security: Difficult to obtain the original template from the secure template

• Performance: Secure template should not degrade the matching performance

Secure Template: ApproachesSecure Template: Approaches

Jain, Nandakumar and Nagar, “Biometric Template security”, EURASIP J. on Advances in Signal Processing, 2008

• Hybrid schemes: make use of more than one basic approach e.g., salting followed by key binding

Key-binding Biometric CryptosystemKey-binding Biometric Cryptosystem

• Store a secure sketch (helper data) by biding the

template wit a cryptographic key

Fuzzy vault (point set features); fuzzy commitment (binary strings)

Fuzzy CommitmentFuzzy CommitmentEncoder Decoder

Juels and Wattenberg, “A fuzzy commitment scheme,” in Proc. 6th ACM Conf. Computer and Communications Security, 1999

• Variability in binary biometric features is translated to variability in

codeword of an error correction scheme, which is indexed by a key

• Corrupted codeword can be corrected to recover the embedded key

• Lack of perfect code for desired code length

Fuzzy VaultFuzzy Vault

• Decoder identifies genuine points in mixture of genuine & chaff points• How to generate chaff points that are indistinguishable from genuine points?

Nandakumar, Jain and Pankanti, "Fingerprint-based Fuzzy Vault: Implementation and Performance", IEEE TIFS, 2007

Fingerprint VaultFingerprint Vault

Fingerprint Minutiae Fuzzy vault

Fuzzy Schemes: Challenges

• How to align query with template without

template leakage?

• How to construct vault/commitment for

arbitrary biometric traits/representations?arbitrary biometric traits/representations?

• How to enable revocability?

• How to estimate security given that biometric

features distributions are non-uniform?

AlignmentAlignment

Template image or feature vector not available for alignment; additional data stored for alignment should

• not lead to template reconstruction

• carry sufficient information for alignment

Three different impressions of the same finger

Alignment based on High Curvature PointsAlignment based on High Curvature Points

Template

Overlaid minutiae Aligned minutiae

• High curvature points do not reveal the minutiae template

• Requires extra storage & computation

Query

Nandakumar, Jain & Pankanti, TIFS, 2007

Focal-Point Based AlignmentFocal-Point Based Alignment

• Focal point is the average centre of curvature of high curvature ridges; analogous to a core point

• Requires storage of a single (x,y,θ) point

• Can be extracted even for arch-type & partial prints

Nandakumar, “A fingerprint cryptosystem based on minutiae phase spectrum”, WIFS, 2010

Other Secure Alignment ApproachesOther Secure Alignment Approaches

• Reliable minutiae neighborhood1

– Requires training

• Singular points

– Not always available

• Use of features relative to each minutiae2• Use of features relative to each minutiae2

– Invariant to rotation and translation

– Different matching approaches are needed

– Difficult to analyze its security

[1] S. Yang and I. Verbauwhede, “Automatic Secure Fingerprint Verification System Based on Fuzzy Vault Scheme,” ICASSP, March 2005[2] T. E. Boult, W. J. Scheirer, and R. Woodworth, “Fingerprint Revocable Biotokens: Accuracy and Security Analysis,” CVPR, June 2007

Adapting Biometric Representations

• Motivation

• Obtain a representation in a form suitable

for fuzzy commitment and fuzzy vault

• Facilitate fusion of modalities• Facilitate fusion of modalities

• Requirements

• Maintain discriminability

• Uniformly random features for security

analysis

Trait Features Representation Type

Minutiae Texture-based Minutiae: Unordered set of points, variable size, distribution is not uniform

Texture-based (fingercode): Real-valued fixed-length vector, values are not i.i.d

Biometric RepresentationsBiometric Representations

Subspace projections

Local Texture(e.g., LBP)

PCA/LDA/LBP Histogram: Real-valued fixed-length vector, values are not i.i.d

Iriscode Fixed-length binary string;bits are not random and independent

Is it possible to have a common efficient representation?

• Objective: Transform minutiae set into binary string

• Phase of Fourier spectrum is sampled on log-polar

grid and quantized

Example of Adaptation

( )( )

( )∑

∑=

++

++= n

n

iiii vyux

vuF 1

)(2sinarctan),(

θπ

θπψ

( )∑=

−−=n

iiii jyyxxvuf

1

)exp(,),( θδ

K. Nandakumar, “A Fingerprint Cryptosystem Based on Minutiae Phase Spectrum”, IEEE WIFS, Dec 2010.

Fingerprint minutia set

Binarized Phase Spectrum (BiPS) representation adapted for fuzzy commitment

( )∑=

++n

iiii vyux

1

)(2cos θπ

Modality - Feature ApproachRepresentation

Original Final

Fingerprint - minutiae (Nagar et al., Xu et al.,

Farooq et al., Cappelli et al.)

Local aggregates, spectral minutiae, triplet histogram,

cylinder-codePoint set

Binary string

Fingerprint - minutiae (Sutcu et al.)

Geometric transformation Point setQuantized

vector

Fingerprint - orientation field & Gabor features

Biometric Feature Adaptations

field & Gabor features(Bringer et al.) Reliable component selection

& quantization based on statistical analysis of

features

Real vector

Binary string

3D Face – local curvature (Kelkboom et al.)

Face - Gabor features(Kevenaar et al.)

Face – PCA/LDA (Feng and Yuen)

Division into stable integer & unstable real parts

Real vector

Quantizedvector

Iris – Iriscode(Nandakumar and Jain)

Salting/fuzzy commitment of different bit segments

Binary string

Point set

Which scheme gives the most compact & discriminable representation?

Hardened Fuzzy VaultHardened Fuzzy Vault

• Salting + fuzzy vault to

introduce revocability

• Transform each

fingerprint quadrant

Original Template

Transformed Template

Nandakumar, Nagar and Jain, Hardening Fingerprint-based Fuzzy Vault Using Password, ICB 2007

fingerprint quadrant

using password

• Increase uniformity of

minutiae distribution

As secure as original vault even if password is compromised

Vault with Minutiae DescriptorsVault with Minutiae Descriptors

Local minutiae descriptors are bound to the ordinate

values of the vault using fuzzy commitment; improves

matching performance and security

Nagar, Nandakumar and Jain "Securing Fingerprint Template: Fuzzy Vault with Minutiae Descriptors", Proc. ICPR, 2008

Multibiometric Fuzzy VaultMultibiometric Fuzzy Vault

Vault Key

[5234]

VaultP(x) = 5x3+2x

2+3x+4

Chaff Points

Polynomial Evaluation

Minutiae

Template

Minutiae

Encoding

Feature

Level

Fusion

Iriscode Template

Salting Using

Transformation

Key

Nandakumar and Jain, "Multibiometric Template Security Using Fuzzy Vault", BTAS 2008

Iriscode is transformed into point set using fuzzy commitment & combined

with minutiae to improve both the matching performance and vault security

Template Security EvaluationTemplate Security Evaluation

• How difficulty it is to recover the original template

from the stored template (brute-force attack)?

• Typically expressed in bits & measured based on

– Avg. no. of trials needed to recover the template

– Entropy of original template given the secure sketch– Entropy of original template given the secure sketch

• Estimate of security requires a model of the

biometric feature distributions

• Zero-effort attacks (FAR) is reported separately

Security of CryptosystemsSecurity of Cryptosystems

• Fuzzy vault1

2

( , 1)log

( , 1)

C r n

C t n

+ +

Security = r: total no. of points in the vault

t: no. of genuine points

n: degree of polynomial used

• Fuzzy commitment2

Assumption: Both genuine and chaff points are uniformly distributed

• Fuzzy commitment

2

2log

( , )

I

C I Iρ

Security ≈I: Entropy of binary template

ρ: Fraction of errors corrected

Assumption: Reliable estimate of entropy (no. of i.i.d bits) is available

How to modify features to satisfy these assumptions?

[1] Nandakumar, Jain and Pankanti, "Fingerprint-based Fuzzy Vault: Implementation and Performance", IEEE Transactions on Info Forensics & Security, 2007

[2] Hao, Anderson, and Daugman, “Combining Crypto with Biometrics Effectively,” IEEE Trans. Computers, 2006

Comparison of Fingerprint CryptosystemsComparison of Fingerprint Cryptosystems

ApproachFNMR at Zero-FMR*

Security

Fingerprint fuzzy vault* 14% = 39 bits

Fuzzy commitment based on BiPS* 6% = 43 bits

Hardened fuzzy vault with password* <10% =45 bits

Fuzzy vault with minutiae descriptor* 7% =49 bits

(224,11)

(24,11)

C

C

(224,8)18( )

(24,8)

Cpassword

C+

(224,9)18( )

(24,9)

Cdescriptor

C+

)98,327(

2327

C

* FVC2002-DB2; 100 genuine matches and 9,900 (4,950 independent) impostor matches

# Fingerprint – MSU-DBI database (160 users); Iris – CASIA v1.0 (108 users)

Fuzzy vault with minutiae descriptor 7% =49 bits

Best matcher in FVC2002 0.3% N.A.

Fuzzy vault with two fingers# 12.5% = 40 bits

Fuzzy vault with multiple biometrics (fingerprint + iris)# 1.8% = 49 bits

18( )(24,9)

descriptorC

+

(884,14)

(84,14)

C

C

Security (guessing entropy) of 8 character password is ~18 bits1

[1] Burr et al., Electronic Authentication Guideline, NIST Special Publication 800-63, 2006

)12,72(

)12,672(

C

C

SummarySummary

• Biometrics is essential for trusted identification, but

we need tamper proof systems with low error rates

• Template security is an important issue because

compromised templates cannot be revoked/reissued

• A template protection scheme with provable security

& acceptable performance has remained evasive& acceptable performance has remained evasive

• Challenge is to design cryptosystems that

– generate non-linkable templates

– provide good trade-off between accuracy & security

– utilize feature adaptation schemes that preserve accuracy

and allow easy fusion of modalities

Additional ReferencesAdditional References[1] Albert Bodo, “Method for producing a digital signature with aid of a biometric feature,” German patent DE 42 43 908 A1, (1994)[2] C. Soutar, D. Roberge, A. Stoianov, R. Gilroy and B.V.K. Vijaya Kumar, "Biometric encryption using image processing," Proc. of SPIE, vol. 3314, 178-188, 1998[3] Ari Juels and Madhu Sudan, \A fuzzy vault scheme", Proceedings of the IEEE International Symposium on Information Theory, A. Lapidoth and E. Teletar, Eds., page 408, Lausanne, Switzerland, 30 June - 5 July, 2002.[4] A. Juels and M. Wattenberg, “A fuzzy commitment scheme,” in Proc. 6th ACM Conf. Computer and communications Security,G. Tsudik, Ed., pp. 28–3, 1999[5] Sharat Chikkerur, Alexander N. Cartwright, Venu Govindaraju: K-plet and Coupled BFS: A Graph Based Fingerprint Representation and Matching Algorithm. ICB 2006:[6] Jeffers, J., Arakala, A.: Minutiae-based Structures for a Fuzzy Vault. In: Proc. of. 2006 Biometrics Symposium, MD, USA, September 19-21, 2006 (2006)[7] T. E. Boult, W. J. Scheirer, and R. Woodworth, “Revocable Fingerprint Biotokens: Accuracy and SecurityAnalysis,” in IEEE [7] T. E. Boult, W. J. Scheirer, and R. Woodworth, “Revocable Fingerprint Biotokens: Accuracy and SecurityAnalysis,” in IEEE Conference on Computer Vision andPattern Recognition, June 2007, pp. 1–8.[8] J. Feng. Combining minutiae descriptors for fingerprintmatching. Pattern Recognition, 41(1):342–352, 2008.[9] Raffaele Cappelli, Matteo Ferrara, and Davide Maltoni. Minutia cylinder-code: a new representation and matching technique for

fingerprint recognition. IEEE Transactions on Pattern Analysis And Machine Intelligence, 2010.[10] A. K. Jain, A. Ross, and S. Prabhakar, "Fingerprint Matching Using Minutiae and Texture Features", Proc. I nternationalConference on Image Processing (ICIP), pp. 282-285, Greece, October 7-10, 2001.[11] A. K. Jain, S. Prabhakar, L. Hong and S. Pankanti, "FingerCode: A Filterbank for Fingerprint Representation and Matching", Proc. IEEE Conference on CVPR, Colorado, Vol. 2, pp. 187-193, June 23-25, 1999. [12] Aglika Gyaourova, Arun Ross: A Novel Coding Scheme for Indexing Fingerprint Patterns. SSPR/SPR 2008: 755-764[13] J. Bringer and V. Despiegel, Binary Feature Vector Fingerprint Representation From Minutiae Vicinities, BTAS, 2010[14] Xu, H. and Veldhuis, R.N.J. (2010) Binary Representations of Fingerprint Spectral Minutiae Features. In: 20th International Conference on Pattern Recognition (ICPR 2010), 23-26 August 2010, Istanbul, Turkey. 1212-1216 [15] Nagar, A.; Rane, S.D.; Vetro, A., "Alignment and Bit Extraction for Secure Fingerprint Biometrics", SPIE Conference on Electronic Imaging, Vol. 7541, 75410N , January 2010[16] Yagiz Sutcu, Qiming Li, Nasir D. Memon: Secure Biometric Templates from Fingerprint-Face Features. CVPR 2007[17] F. Farooq, R. M. Bolle, T.-Y. Jea, and N. Ratha, “Anonymousand Revocable Fingerprint Recognition,” in Proc. ComputerVisionand Pattern Recognition, Minneapolis, June 2007.